mirror of
https://github.com/HackTricks-wiki/hacktricks-cloud.git
synced 2025-12-30 22:50:43 -08:00
1.6 KiB
1.6 KiB
Az - Queue Storage Persistence
{{#include ../../../banners/hacktricks-training.md}}
Queue
For more information check:
{{#ref}} ../az-services/az-queue-enum.md {{#endref}}
Actions: Microsoft.Storage/storageAccounts/queueServices/queues/write
This permission allows an attacker to create or modify queues and their properties within the storage account. It can be used to create unauthorized queues, modify metadata, or change access control lists (ACLs) to grant or restrict access. This capability could disrupt workflows, inject malicious data, exfiltrate sensitive information, or manipulate queue settings to enable further attacks.
az storage queue create --name <new-queue-name> --account-name <storage-account>
az storage queue metadata update --name <queue-name> --metadata key1=value1 key2=value2 --account-name <storage-account>
az storage queue policy set --name <queue-name> --permissions rwd --expiry 2024-12-31T23:59:59Z --account-name <storage-account>
References
- https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues
- https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api
- https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes
{{#include ../../../banners/hacktricks-training.md}}